4 matches found
CVE-2022-23505
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...
CVE-2022-23505
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...
CVE-2022-23505 Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...
CVE-2022-23505
Passport-wsfed-saml2 (Node.js Passport strategy) prior to 4.6.3 is vulnerable to authentication bypass: an attacker who possesses an arbitrary IDP-signed WSFed assertion may bypass WSFed authentication on websites using the library. Depending on the IDP, fully unauthenticated (no valid user) atta...